Per discussion I had with support, if you're on 6.4.x flow-based rules
(rather than proxy-based) should work. We unfortunately use proxy-based
inspection on our ruleset.
I'm almost positive it's an issue with change of Let's Encrypt over to
the ISRG certificate. Every site that was reported blocked that I've
reviewed is using a Let's Encrypt certificate. I've got a case open and
I'm waiting on a fix. In the meantime,...
Talked to support. They've confirmed they're working on it, but it is an
issue with the Identrust expiration. Probably going to turn off the
expired cert filter. I think that's about all we can do for now.
